Re: make world and setuid bits

From: Crist J. Clark (cjc@FreeBSD.ORG)
Date: 03/28/02


Date: Thu, 28 Mar 2002 12:18:50 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Jason Stone <jason-fbsd-security@shalott.net>

On Thu, Mar 28, 2002 at 04:40:31AM -0800, Jason Stone wrote:
> Are there make variables that can be set to prevent "make world" from
> installing binaries as setuid? Currently, I always run something like
> "find -perm -4000 | xargs chmod u-s" after doing a make world, but this
> seems inelegant, prone to human error, and dangerous as there's a
> (potentially quite long) period in which there are still many setuid
> binaries....
>
> make options to allow the prevention of "setuid root", "all setuid",
> or "all setuid and all setgid" would be nice.

For the vast majority of users, having no setuid binaries is a really,
really bad idea from a security standpoint. It forces you to do
everything as root.

If this is a policy on some machine somewhere, I don't think that there is
much of a window of vulnerability. During the installation of the new
binaries, the system would be out of normal service. The system should
be isolated from potentially hostile users.

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
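
An added example, not part of the original message or of FreeBSD's build system: a read-only inventory that groups set-id files into the three categories named in the question (setuid root, other setuid, setgid) and reports entries missing from a reviewed baseline. The function names suid_inventory and suid_unexpected and the baseline file format are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the original thread). Nothing here changes
# file modes; it only reports what a blanket "chmod u-s" would touch.

# Usage: suid_inventory DIR...
# Prints one line per regular file: CATEGORY<TAB>PATH
#   setuid-root  : setuid bit set, owned by uid 0
#   setuid-other : setuid bit set, owned by any other uid
#   setgid       : setgid bit set (a file with both bits appears twice)
suid_inventory() {
    # -xdev stays on the named filesystem; -type f skips setgid directories.
    find "$@" -xdev -type f -perm -4000 -user 0 \
        -exec printf 'setuid-root\t%s\n' {} +
    find "$@" -xdev -type f -perm -4000 ! -user 0 \
        -exec printf 'setuid-other\t%s\n' {} +
    find "$@" -xdev -type f -perm -2000 \
        -exec printf 'setgid\t%s\n' {} +
}

# Usage: suid_unexpected BASELINE DIR...
# BASELINE is a reviewed copy of earlier suid_inventory output.
# Prints entries that exist now but are absent from the baseline.
suid_unexpected() {
    baseline=$1
    shift
    tmp=$(mktemp) || return 1
    sort "$baseline" > "$tmp"
    suid_inventory "$@" | sort | comm -13 "$tmp" -
    rm -f "$tmp"
}
```

Saving the output of suid_inventory once the set-id files have been reviewed gives the baseline; running suid_unexpected after a later make world shows only what the rebuild added.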